Table of Contents

Overview

Your OpenSolaris VPS (2009.06 release) is accessible only through SSH. All network services are disabled by default with the exception of SSH. The server comes with minimal software and changes (see Defaults for more information).

OpenSolaris no longer uses the old Solaris based packaging (e.g. pkgadd or pkgrm…). In the new packaging architecture in OpenSolaris, all the latest software is on a remote repository (called “publisher” in IPS). You can also peek at the available software using the browser.

IPS package management is done through the single pkg command:

pkg help shows a usage guide

pkg list shows packages that are installed

pkg search string search for packages with the given string (or filename) in them

pkg install package install specified package

pkg uninstall package remove specified package

Installing a package also installs all its dependency packages. Uninstalling will only remove the specified package, unless the -r option is also specified. You can also pass -n option to do a quick “dry run” of most of these commands.

SMF

You should also be familiar with Solaris 10's SMF framework, which is in OpenSolaris as well. SMF is a framework for managing the services that run on your OpenSolaris server. To get started you only need to know two commands: svcs and svcadm. Running just “svcs -a” will show all the services that are either enabled or disabled.

Installing Software

Recommended

Since these are plain vanilla OpenSolaris builds, some packages are missing. Here is a short list of items we recommend installing to customize your environment:

pkg install SUNWman (man pages)

pkg install SUNWwget (wget)

pkg install SUNWgtar (GNU tar)

pkg install SUNWbind (nslookup, dig, and friends)

OpenSolaris Web Stack 1.5

In addition to specific packages as mentioned above, IPS also has “grouped” packages. Installing these packages installs all the components in that group. To install the latest stable versions of the common web infrastructure software (apache, mysql, php), run: pkg install amp. You can also see the official Getting Started Guide to Webstack.

The configuration directories are:

/etc/php/5.2

/etc/apache2/2.2

/etc/mysql/5.1

The /var (“variable data” location) is where all the logs and data files should reside in:

/var/php/5.2

/var/mysql/data (links to /var/mysql/5.1/data)

/var/apache2/2.2

The binaries and libs for the above software reside in:

/usr/apache2/2.2

/usr/mysql (links to /usr/mysql/5.1)

/usr/php (links to /usr/php/5.2)

The web site data should be put in /usr/apache2/2.2/htdocs. The web server by default runs as the webservd user and group. You can also use Lighttpd or Nginx web servers instead of Apache (see below).

The following shows the SMF service names associated with apache and mysql:

Known Issues

NOTE 1

The gd.so module included with PHP is broken as of September 2009 in our OpenSolaris VPS server. Apache will fail to start because of this! You need to either disable PHP's gd.so module OR additional software needs to be installed. This is due to bug 9231.

To disable gd.so module, edit /etc/php/5.2/conf.d/gd.ini and place ; before the extension=gd.so line.

If you require gd.so module in PHP, you need to install the X11 packages. To do so run: pkg install SUNWxwplt. Please do this only if gd.so module is required. The X11 packages install lots of additional software and services that are not needed and uses up extra disk space.

Note: As a hack, you can copy the entire /usr/X11 contents from another OpenSolaris install to your OpenSolaris VPS. Contact us for additional information.

NOTE 2

Apache 2.2 is broken as of September 2009 in our OpenSolaris VPS server. Apache may hang and will stop responding to HTTP requests. If you are seeing this, you need to make some minor changes, until we get official fix from Sun/OpenSolaris.

Lighttpd

To use Lighttpd, simply install the Lighttpd binaries: pkg install SUNWlighttpd14. The associated SMF service is:

Nginx

Nginx requires some additional steps, since it is not yet part of the default OpenSolaris release. You can easily install Nginx since it is available on another IPS repository. We start off with adding a new webstack repository that contains Nginx:

MySQL

Installing the amp package above will also install MySQL 5.1. The file system locations for the software: /usr/mysql, /var/mysql/data, /etc/mysql/my.cnf. To start mysql, just do:

root@wolf:/# svcadm enable mysql
root@wolf:/#

This will install MySQL and the setup the initial user tables in /var/mysql/data. You do not have to do anything else. There is no default password set. You should change the mysql passwords as soon as you install it.

Java

Using IPS, you can easily install the latest version of JDK. The general syntax to install the JDK is: pkg install runtime/java

Python

IPS uses the Python programming language, this is one of the reasons Python is already included in your OS, though it is the 2.4 version:

root@pana:~# /usr/bin/python -V
Python 2.4.4
root@pana:~#

Compiling

You can use the GCC compiler to compile software. To do this, the GCC development cluster (gmake/autoconf/libtool…) needs to be installed: pkg install gcc-dev.

Sun Studio Express

These steps are for using Sun Studio Express in OpenSolaris. It is the recommend compiler on the OpenSolaris platform - it has been optimized for OpenSolaris. Install compilers and additional required packages:

pkg install sunstudioexpress

pkg install SUNWggrp

pkg install SUNWbtool

Then, add the following contents to the end of /home/admin/.profile file (we recommend compiling as the admin user, until ready to install software).

Be sure to now source the new .profile or log out and in again to get the new environment in the admin account. That should do it.

Note: Instead of running make, you can run: dmake. This will make your compile a lot faster!

Mail (outgoing)

Sendmail is the default mail software in OpenSolaris.

You can configure sendmail to either be a daemon listening for incoming mail or have it just be a client that can send out mail (the most secure). The latter is required if you have a web site or application that needs to send mail to users. You can use these steps to setup a secure **sendmail client**:

pkg install SUNWsndm

svcadm enable sendmail

Doing netstat -an |grep LISTEN should now show that sendmail ports 25 and 587 running on localhost in a secure environment.

Note: Some Unix operations (crontab/mail/mailx) also use sendmail client to send out mail.

Networking

You have full access to the networking stack in the OpenSolaris environment. You can manage firewalls (ipfilter) and listen on the wire for network traffic (snoop). Please look at the ipfilter howto for more information on how to use it.

Defaults

As we've mentioned earlier, the OpenSolaris VPS servers from Entic.net are bare minimum installs. We do this on purpose - we want to provide the hardware and the base OS, the rest is up to you to customize and make your own.

There are, however, some minor changes which we feel are a must and have been done on your server:

We disable rpc/bind because RPC services are usually not required (even though the default rpc/bind service has a SMF property of config/local_only=true, we still disable it as an added security measure). We also disable a couple of services which we find running after the install (shown above).

We then create two users: admin and suser (more on suser below). We also make root a RBAC role, ensuring all direct root logins are disabled.

Both of these accounts are then given the “Primary Administrator” profile. This makes it so you can run commands as root using the “pfexec”: e.g. pfexec pkg install SUNWj6dev to install Java. In addition, since root is now a role, we also assign the root role to both admin and suser users.

suser: suser is a special account we create so we can login to your server, if there is ever a need. Since root is a role, we can no longer login as root directly. Please leave this account as is, if at all possible. It has been setup so no one can login to it, remotely.